Reputation: 750
OAuth signature verification fails
I'm having some problem setting up an oauth provider with two-legged authentication.
I'm using the oauth-plugin gem and the oauth gem, everything works fine except for my "update" requests. The signature verification process keeps failing.
Here is what I'm doing:
In the client, I'm using
oauth = OAuth::AccessToken.new(OAuth::Consumer.new(app_key, app_secret, :site => @api_endpoint))
oauth.get("http://localhost/api/v1/users/1")
oauth.post("http://localhost/api/v1/users", {:email => "[email protected]"})
oauth.put("http://localhost/api/v1/users", {:tags => ["some", "new", "tags"]})
oauth.delete("http://localhost/api/v1/users/1")
get, post and delete all go through authentication fine, but update fails.
On the server side, I have my ClientApplication class set up
def self.verify_request(request, options = {}, &block)
begin
signature = OAuth::Signature.build(request, options, &block)
return false unless OauthNonce.remember(signature.request.nonce, signature.request.timestamp)
value = signature.verify
value
rescue OAuth::Signature::UnknownSignatureMethod => e
false
end
end
signature.verify fails on my update requests and passes on the other 3 requests. Anybody know what's happening?
Upvotes: 0
Views: 2358
Answers (1)
Reputation: 750
Turns out the problem is with passing the params through the body.
I moved the params into the url with Addressable/uri, and that fixed the problem.
It's gonna be a little limiting in terms of length, but ok for now.
Upvotes: 1
Related Questions
- Creating Signature and Nonce for OAuth (Ruby)
- Rails — Signing OAuth1 requests
- OAuth1 reject_token 401 unauthorized
- Generating oauth_signature for Netflix
- Ruby Oauth Gem HMAC-SHA1 401 Invalid Signature
- OAuth signature_invalid error using PesaPal API with Ruby
- Ruby Oauth-plugin Authorization Not working
- Invalid OAuth tokens
- OAuth gem not signing requests
- OAauth gem in rails problem